METHOD OF AND SYSTEM FOR EFFECTING ANONYMOUS 
CREDIT CARD PURCHASES OVER THE INTERNET 

Cross-Referenced Applications 

[01] This application claims the benefit from U.S. application Serial No. 
60/194346, filed April 3, 2000; U.S. application Serial No. 60/254,056, filed 
December 7, 2000; U.S. application Serial No. 60/251,984, filed December 7, 
2000; and U.S. application Serial No. 60/273,595, filed March 5, 2001, the 
disclosures of which are hereby incorporated by reference into this 
application. 

Field of the Invention 

[02] This invention relates generally to a method of and system for 
effecting anonymous and secure credit card purchases over the internet and 
more particularly to a method of and system for encrypting and distributing a 
purchaser's private information such that only parties authorized to receive the 
information receive it and are able to decrypt it. 

Background of the Invention 

[03] To make purchases using the Internet, buyers are required to disclose 
the buyer's name, address, shipping address, and credit card number to the 
merchant. Many would-be purchasers are uncomfortable with providing 
such information to the Web merchant, because they are concerned that their 
credit card numbers could be misused and that their privacy could be 
compromised. As a result, such potential buyers choose not to use the Internet 
to make purchases or restrict their purchases to particular merchants whom 
they trust. The growth of e-commerce is restricted by these privacy and 
security concerns. 

[04] Likewise, businesses that make Internet purchases from other 
businesses using the Internet are required by present Internet order processing 
systems to reveal identifying and payment information to the selling business 
that may result in the compromise of information regarding the transaction 
that the buyer would prefer to remain private. 

Summary of the Invention 

[05] The growth of the Internet for consumer and commercial transactions 
creates a need to control what information is revealed to whom in the course 
of the transaction. In the case of Internet transactions that involve more than 
two parties (such as an e-commerce transaction involving a buyer, a seller, a 
merchant acquirer, and a delivery company), all participants will benefit from 
a technology solution that provides each party with only that kind and amount 
of information about the transaction that is required in order for the transaction 
to be completed. 

[06] The preferred solution to the Internet privacy problem will not require 
the buyer to take extra steps such as downloading software or browsing to a 
special Internet site in order to obtain an alias identity. Most buyers will be 
unwilling to take such extra effort, and will prefer a solution that will enable 
them to browse directly to the merchant's Web site and to make private and 
secure purchases without the need to take any extra steps or precautions, and 
without noticeable latency. 

[07] The preferred solution to the need to control the distribution of 
information among multiple parties to an Internet transaction will manage 
disclosure to each party such that each party receives only that information it 
needs to complete the transaction, without any need to establish any party as a 
trusted repository of the information of others. 

[08] The present invention provides a method and system for anonymous 
and secure Internet commerce under which each party to a transaction receives 
only the specific information it needs to know in order for the transaction to be 
completed, and by which the buyer can remain anonymous to the merchant. 
The invention enables the buyer to browse directly to the merchant's Web site 
without taking any extra or preliminary steps, and also enables the transaction 
to be consummated without disclosure of the buyer's name, address or credit 
card number to the merchant. The invention further enables the merchant to 
determine what specific information of the buyer will be disclosed to the 
merchant, and thus to offer the buyer a technological guarantee that it will not 
see any buyer information that is designated by the merchant as private to the 
buyer. Where the merchant is offering anonymity to the buyer, the invention 
provides a method and system by which the buyer's anonymity is protected, 
not only for purchases, but also for ordinary returns and chargebacks. In 
addition, the invention enables the buyer and seller to communicate privately 
by e-mail. 

[09] The buyer begins the transaction by browsing to the Web site of the 
Internet merchant, where the buyer identifies any items it wishes to purchase 
and places them in a shopping cart. The buyer is not required to browse first 
to a third-party's Web site, nor is the buyer required to download any 
software. 

[10] After selecting the items it wishes to purchase from the merchant's 
Web site, the buyer clicks on a checkout button and is redirected to the 
security server system of the present invention, which resides on a different 
computer than that of the merchant. The security server system serves up one 
or more forms that are filled in by the buyer, consisting of one or more 
checkout forms, a payment instrument form, an email address form, and a 
delivery information form. Some or all of these data supplied by the buyer are 
encrypted using the public keys of those entities that need to know those items 
of information in order for the transaction to be completed and assembled into 
a protected information package that is then sent from the security server 
system to the merchant. Preferably, a public key security system such as RSA 
is used to encrypt the buyer's information. 

[11] The merchant receives the information package(s) and stores their data 
elements in an order management database in their encrypted form. The 
merchant does not possess the capability of decrypting information in the 
protected information package that is delivered to the merchant in encrypted 
form, although it does have the capability of reading any information that is 
parsed to the merchant from the security server system in unencrypted form. 

[12] The merchant sends an encrypted payment authorization request to the 
merchant acquirer or to the issuing bank. The merchant acquirer or issuing 
bank decrypts the payment authorization request, processes that request, and 
sends a response to the merchant either authorizing or denying the transaction. 
The merchant can communicate with the buyer without knowing the real 
e-mail address of the buyer by using a secure mail feature of the present 
invention. In that situation, the merchant directs its e-mail to the buyer 
through the security server system. The security server system assigns alias 
identities to the merchant and the buyer. Only the merchant can communicate 
with the buyer using the secure mail feature. 

[13] In situations where the buyer is purchasing hard goods for delivery to 
his address, the merchant sends an encrypted delivery request to the delivery 
company containing the buyer's name and shipping address and an order 
number, or other appropriate information. The delivery company decrypts the 
delivery request and provides the merchant with a numerical identifier that it 
associates with the goods ordered by the buyer. The merchant, or a party 
providing fulfillment services on behalf of the merchant, receives the 
numerical identifier and places it on the package containing the goods ordered 
by the buyer. The delivery company picks up the package from the merchant 
or fulfillment party, translates the numerical identifier as necessary, and 
delivers the package to the buyer. 

[14] The invention also accommodates returns and chargebacks without 
compromising the anonymity of the buyer. 

[15] The invention satisfies the following objectives: 

1. Buyers can make online purchases without disclosing their names, 
addresses, or payment instrument information to the seller. 

2. Buyers are not required to go to third-party Web sites or to download 
software in order to make anonymous and secure purchases from the 
merchant. All the buyer has to do is to browse directly to the 
merchant's site and make a purchase by filling in a shopping cart and 
providing the standard items of information by completing standard 
forms served to the buyer. 

3. Internet merchants can offer complete anonymity to privacy-sensitive 
buyers and eliminate the risk of loss from credit card theft and hacking. 

4. Merchants using the invention can continue to offer personalization to 
their customers. 

5. Merchants using the invention select the level of privacy that will be 
delivered to their customers — full anonymity or credit card privacy. In 
both cases, the merchant never receives, stores or transmits the 
customer's credit card information. 

6. The invention provides a universal transaction interface through which 
merchants can deploy a wide range of new payment and security 
technologies (including smart cards, biometric identity verification, 
digital signatures, on-line checks, ATM cards, and person-to-person 
payments) without further changes to the merchant's order processing 
systems. 

7. The invention permits e-mail communications without compromising 
the anonymity of the buyer. 

[16] According to one aspect of the invention, a transaction system for 
performing secure transactions over a communication network includes (i) a 
merchant server system including a computer processor and associated 
memory, the merchant server system offering items for sale; (ii) a buyer 
system including a computer processor and associated memory, the buyer 
system being selectively couplable to the merchant server system over the 
communication network to initiate a transaction, wherein, during the 
transaction, the buyer system selects one or more of the items for purchase; 
(iii) a security server system including a computer processor and associated 
memory and an encryption device, the security server system receiving buyer 
information from the buyer system, encrypting the buyer information in an 
encryption key that prevents the merchant server system from decrypting the 
buyer information, and transferring the encrypted buyer information to the 
merchant server system; and (iv) a third server system including a computer 
processor and associated memory, the third server system being selectively 
couplable to the merchant server system, wherein the merchant server system 
transmits at least a portion of the encrypted buyer information to the third 
server system for processing during the transaction. 

[17] The third server system may be one of a delivery server system and a 
payment processor server system. The encrypted buyer information received 
by the delivery server system may be delivery address information of the 
buyer. The encrypted buyer information received by the payment processor 
server system may be payment information of the buyer. The transaction 
system may further include a fourth server system including a computer 
processor and associated memory, the fourth server system being selectively 
couplable to one of the merchant server system and the third server system, 
wherein the one of the merchant server system and the third server system 
transmits at least a portion of the encrypted buyer information to the fourth 
server system for processing during the transaction. The security server 
system may encrypt the buyer information into a first document and a second 
document, wherein the first document is transmitted to the third server system 
by the merchant server system and the second document is transmitted to the 
fourth server system by the merchant server system. The security server 
system may encrypt the buyer information into a first document and a second 
document, wherein the first and second documents are transmitted to the third 
server system by the merchant server system and the second document is 
transmitted to the fourth server system by the third server system. The third 
server system may be one of a delivery server system and a payment processor 
server system and wherein the fourth server system is the other of the delivery 
server system and the payment processor server system, and wherein the first 
document may contain one of the buyer system's delivery address information 
and the buyer system's payment information and the second document may 
contain the other of the buyer system's delivery address information and the 
buyer system's payment information. The security server system may encrypt 
the first document using a first encryption key and the second document using 
a second encryption key, wherein the one of the third server system and the 
fourth server system that receives the first document can decrypt the first 
document but not the second document and wherein the other one of the third 
server system and the fourth server system that receives the second document 
can decrypt the second document but not the first document. 

[18] According to another aspect of the invention, a system for performing 
secure transactions over a communication network includes (i) a merchant 
server system including a computer processor and associated memory, the 
merchant server system offering items for sale; (ii) a buyer system including a 
computer processor and associated memory, the buyer system being 
selectively couplable to the merchant server system over the communication 
network to initiate a transaction, wherein, during the transaction, the buyer 
system selects one or more of the items for purchase; (iii) a security server 
system including a computer processor and associated memory, the security 
server system being selectively couplable to the buyer system to receive buyer 
information from the buyer system in the course of the transaction, the buyer 
information including delivery address information and payment information; 
(iv) a delivery server system including a computer processor and associated 
memory; and (v) a payment processor server system including a computer 
processor and associated memory. The security server transmits the delivery 
address information to the delivery server system and the payment information 
to the payment processor server system. 

[19] The security server system may encrypt the delivery address 
information into a first document and the payment information into a second 
document. The security server system may transmit the first and second 
document to the merchant server system, which transmits the first document to 
the delivery server system and the second document to the payment processor 
server system. The merchant server system is incapable of decrypting the first 
and second documents. 

[20] According to another aspect of the invention, a transaction system for 
performing secure transactions over a communication network includes (i) a 
merchant server system including a computer processor and associated 
memory, the merchant server system offering items for sale; (ii) a buyer 
system including a computer processor and associated memory, the buyer 
system being selectively couplable to the merchant server system over the 
communication network to initiate a transaction, wherein, during the 
transaction, the buyer system selects one or more of the items for purchase and 
transmits information regarding the one or more items to the merchant server 
system; (iii) a security server system including a computer processor and 
associated memory and an encryption device, the security server system 
receiving buyer information from the buyer system, encrypting the buyer 
information in an encryption key that prevents the merchant server system 
from decrypting the buyer information, and transferring the encrypted buyer 
information to the merchant server system; and (iv) a third server system 
including a computer processor and associated memory, the third server 
system being selectively couplable to the merchant server system, wherein the 
merchant server system transmits at least a portion of the encrypted buyer 
information to the third server system for processing during the transaction. 

[21] According to another aspect of the invention, a system for performing 
secure transactions over a communication network includes (i) a merchant 
server system including a computer processor and associated memory, the 
merchant server system offering items for sale; (ii) a buyer system including a 
computer processor and associated memory, the buyer system being 
selectively couplable to the merchant server system over the communication 
network to initiate a transaction, wherein, during the transaction, the buyer 
system selects one or more of the items for purchase; and (iii) a security server 
system including a computer processor and associated memory and an 
encryption device, the security server system receiving buyer information 
from the buyer system and forming a merchant document including 
information regarding the item being purchased, encrypting the buyer 
information into a payment document including the buyer's payment 
information and encrypting the buyer information into an address document 
including the buyer's shipping address. The security server system transfers 
the buyer information to a first one of the merchant server system, a payment 
server system and a delivery server system, wherein the first system removes 
the document associated with the first system and transmits the remaining 
documents to a second one of the merchant server system, the payment server 
system and the delivery server system, wherein the second system removes the 
document associated with the second system and transmits the remaining 
document to a third one of the merchant server system, the payment server 
system and the delivery server system. The security server system encrypts 
the buyer information using an encryption key in which only the payment 
server system is capable of decrypting the payment document and only the 
delivery server system is capable of decrypting the address document. 

[22] According to yet another aspect of the invention, a method for 
performing secure transactions over a communication network includes: 

[23] A. establishing a connection between a buyer system and a merchant 
server system over the communications network to initiate a purchase 
transaction; 

[24] B. the buyer system selecting an item offered for sale by the merchant 
server system; 

[25] C. the buyer system transmitting buyer information to a security server 
system; 

[26] D. the security server system encrypting the buyer information using 
an encryption key that prevents the merchant server system from decrypting 
the encrypted buyer information; 

[27] E. the security server system transmitting the encrypted buyer 
information to the merchant server system; 

[28] F. the merchant server system transmitting at least a portion of the 
encrypted buyer information to a third server system for processing during the 
purchase transaction; and 

[29] G. the third server system decrypting the at least a portion of the 
encrypted buyer information before processing the information. 

[30] According to yet another aspect of the invention, a method for 
identifying a party includes, in a security server system including a computer 
processor and associated memory, the security server system being selectively 
couplable to a second server system, including a computer processor and 
associated memory, over a communications network, performing the steps of: 

[31] A. obtaining a plurality of identifying indicia from each of a plurality 
of parties; 

[32] B. performing a one-way hash function on each of the plurality of 
identifying indicia to form a plurality of hashed identifiers, wherein a 
particular output of the one-way hash function is unique to a particular input 
of the hash function; 

[33] C. forming an array of hashed identifiers for each of the plurality of 
parties, wherein each array includes a number of hashed identifiers that are 
unique to each party; and 

in the second server system, performing the steps of: 

[34] D. receiving an identifying indicium from a party; 

[35] E. performing the hash function on the indicium to form a hashed 
indicium; 

[36] F. parsing each of the arrays to determine if the hashed indicium 
coincides with a hashed identifier therein; 

[37] G. determining which, if any, of the arrays contains a coincidence 
between the hashed indicium and a hashed identifier; 

wherein, if only one coincidence occurs, the method comprises: 

[38] H. identifying a unique party from the plurality of parties based on the 
coincidence between the hashed indicium and the hashed identifier; and 

wherein, if more than one coincidence occurs, the method comprises: 

[39] I. repeating steps D-G until one of the arrays contains a set of 
coincidences that none of the other arrays contain; and 

[40] J. identifying a unique party from the plurality of parties based on the 
set of coincidences. 
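
The identification method of steps A-J, as an added Go example that is not code from the patent. SHA-256, the normalisation of indicia, the type and function names, and the sample parties are assumptions made for the illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// DigestArray is the set of hashed identifiers held for one party (step C).
type DigestArray map[string]struct{}

// hashIndicium applies the one-way hash of steps B and E. SHA-256 and the
// trim/lower-case normalisation are assumptions; the text names neither.
func hashIndicium(indicium string) string {
	norm := strings.ToLower(strings.TrimSpace(indicium))
	sum := sha256.Sum256([]byte(norm))
	return hex.EncodeToString(sum[:])
}

// BuildDigestArrays runs steps A-C on the security server: only digests,
// never the indicia themselves, go into the arrays given to the second server.
func BuildDigestArrays(parties map[string][]string) map[string]DigestArray {
	arrays := make(map[string]DigestArray, len(parties))
	for id, indicia := range parties {
		arr := make(DigestArray, len(indicia))
		for _, ind := range indicia {
			arr[hashIndicium(ind)] = struct{}{}
		}
		arrays[id] = arr
	}
	return arrays
}

// Session is the second server's state while it repeats steps D-G.
type Session struct {
	arrays     map[string]DigestArray
	candidates []string // parties whose array matched every indicium so far
}

// NewSession starts with every party as a candidate.
func NewSession(arrays map[string]DigestArray) *Session {
	all := make([]string, 0, len(arrays))
	for id := range arrays {
		all = append(all, id)
	}
	sort.Strings(all)
	return &Session{arrays: arrays, candidates: all}
}

// Present performs steps D-G for one indicium and reports the party once
// exactly one array holds the whole set of coincidences (steps H and J).
// Zero remaining candidates means no array matches and the caller should stop.
func (s *Session) Present(indicium string) (party string, identified bool) {
	h := hashIndicium(indicium)
	var kept []string
	for _, id := range s.candidates {
		if _, ok := s.arrays[id][h]; ok {
			kept = append(kept, id)
		}
	}
	s.candidates = kept
	if len(kept) == 1 {
		return kept[0], true
	}
	return "", false
}

// Candidates reports how many parties are still consistent with the input.
func (s *Session) Candidates() int { return len(s.candidates) }

// sampleParties returns constructed data, not values from the patent.
func sampleParties() map[string][]string {
	return map[string][]string{
		"buyer-A": {"Alex Example", "02139", "alex@example.com"},
		"buyer-B": {"Alex Example", "94105", "a.example@example.org"},
		"buyer-C": {"Sam Sample", "02139", "sam@example.net"},
	}
}

func main() {
	s := NewSession(BuildDigestArrays(sampleParties()))
	for _, ind := range []string{"alex example", "02139"} {
		id, ok := s.Present(ind)
		fmt.Printf("indicium %q -> candidates=%d identified=%v %s\n", ind, s.Candidates(), ok, id)
	}
}
```

Unsalted digests of low-entropy indicia such as postal codes can be enumerated by anyone who holds the arrays; a keyed hash shared by the two servers would be a hardening beyond what the text describes.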

Brief Description Of The Drawings 

[41] The foregoing and other objects of this invention, the various features 
thereof, as well as the invention itself may be more fully understood from the 
following description when read together with the accompanying drawings in 
which: 

[42] Fig. 1 is a schematic diagram of conventional information distribution 
in an online transaction; 

[43] Fig. 2 is a schematic diagram of the system for effecting anonymous 
credit card purchases in accordance with the present invention; 

[44] Figs. 3A-3F are schematic diagrams showing different types of 
transactions that may be carried out according to the present invention; 

[45] Fig. 4 is a schematic diagram showing the steps involved in a purchase 
transaction in accordance with the present invention; 

[46] Fig. 5 is a schematic diagram showing the steps involved in a return 
transaction in accordance with the present invention; 

[47] Figs. 6A-6C are schematic diagrams showing the steps involved in a 
chargeback transaction in accordance with the present invention; 

[48] Fig. 7 is a schematic diagram showing the steps involved in enabling 
private communication between a merchant and a buyer using alias email 
addresses in accordance with the present invention; 

[49] Fig. 8 is a schematic diagram showing the steps involved in the 
creation of an electronic wallet in accordance with the present invention; 

[50] Fig. 9 is a schematic diagram showing the steps involved in a purchase 
transaction using the electronic wallet in accordance with the present 
invention; 

[51] Fig. 10 is a schematic diagram showing the steps involved in a direct 
marketing fulfillment transaction in accordance with the present invention; 

[52] Fig. 11A is a schematic diagram showing the creation of a digest array 
in accordance with the present invention; 

[53] Fig. 11B is a schematic diagram showing the steps involved in utilizing a 
digest array to identify a buyer in accordance with the present invention; and 

[54] Figs. 12A-12B are schematic diagrams showing other types of 
purchase transaction schemes in accordance with the present invention. 

Detailed Description 

[55] Fig. 1 is a schematic diagram of a conventional online transaction in 
which a buyer 12, during the course of the online transaction, provides certain 
information S to the merchant 14. This information S includes the buyer's 
delivery address, payment information, such as a credit card number, and 
information about the item being purchased. In this conventional transaction, 
the merchant 14 possesses and has access to all of the buyer's information. 
The merchant 14 distributes the buyer's delivery address information S1 to the 
delivery firm 16 and distributes the buyer's payment information S2 to the 
payment processor 18. When the payment is approved by the payment 
processor 18, the transaction is consummated and the delivery firm 16 picks 
up the item from the merchant 14 or an agent of the merchant 14 and delivers 
the item to the buyer 12. While this type of transaction has been generally 
successful in enabling buyers to purchase items from merchants, a potential 
security risk exists since at least one party other than the buyer has possession 
of all of the buyer's private information. 

[56] Fig. 2 shows a diagram of a system 100 for enabling secure online 
transactions in which the merchant either never possesses all of the buyer's 
information or possesses the information in a form that it cannot read in 
accordance with a preferred embodiment of the present invention. The system 
100 includes buyer system 110, merchant server system 120, security server 
system 130, a payment processor server system 140, including merchant 
acquirer server system 142 and bank server system 144, and delivery server 
system 160, all connected to a common communications network 170. 
Preferably, the buyer system 110, merchant server system 120, security server 
system 130, merchant acquirer server system 142, bank server system 144 and 
delivery server system 160 are each a personal computer such as an IBM PC 
or IBM PC compatible system or an APPLE® MacINTOSH® system or a 
more advanced computer system such as an Alpha-based computer system 
available from Compaq Computer Corporation or SPARC® Station computer 
system available from SUN Microsystems Corporation, although a main frame 
computer system can also be used. Preferably, the communications network 
170 is a TCP/IP-based network such as the Internet or an intranet, although 
almost any well known LAN, WAN or VPN technology can be used. 

[57] In one preferred embodiment of the invention, the buyer system 110 is 
an IBM PC compatible system operating an operating system such as the 
Microsoft Windows® operating system, and merchant server system 120, 
security server system 130, merchant acquirer server system 142, bank server 
system 144 and delivery server system 160 are configured as web servers 
providing access to information such as web pages in HTML format via a 
protocol such as the HyperText Transport Protocol (http). The buyer system 
110 includes software to allow viewing of web pages, commonly referred to as 
a web browser, thus being capable of accessing web pages located on 
merchant server system 120 and security server system 130. Alternatively, 
buyer system 110 can be any wired or wireless device that can be connected to 
a communications network, such as an interactive television system, such as 
WEBTV, a personal digital assistant (PDA) or a cellular telephone. In this 
preferred embodiment, merchant server system 120 is an e-tail system offering 
a plurality of items for sale over the Internet. 

[58] While the specific steps involved in the secure transaction system of 
the present invention are described in detail below, Figs. 3A-3E are schematic 
diagrams showing various forms of transactions that are achievable with the 
present invention. Each of Figs. 3A-3E shows the transfer of information after 
the buyer has selected an item to purchase from the merchant server system 
and has proceeded to the checkout process. 

[59] Fig. 3A shows a transaction in which the buyer system 110 provides a 
set of information S to the security server system 130. As set forth above, the 
information S includes the buyer's delivery address information, payment 
information and optionally, information about the item being purchased, such 
as a stock number, etc. The security server system, which is operated 
separately from the merchant, is dedicated to collecting the buyer's 
information and protecting the buyer's information as encrypted documents. 
In the transaction of Fig. 3A, two encrypted documents are created from the 
buyer's information S: a delivery document E1 that can only be decrypted by 
the participating delivery server system 160 and a payment document E2 that 
can only be decrypted by the participating payment processor server system 
140. Once encrypted, the documents E1 and E2 are then transmitted to the 
merchant server system 120 for storage and processing. At no time can the 
merchant server system 120 decrypt the documents, but the merchant server 
system 120 can use them for a full range of services, including all credit card 
transaction types (e.g. authorization, settlement, void, chargeback) and for 
shipping and returns. Thus, the merchant server system 120 can never see the 
personal information S of the buyer, but is not hindered in its service offering. 

[60] Fig. 3B shows a transaction where the buyer's delivery address 
information S1 and payment information S2 are transmitted to the security 
server system 130 while the purchase item information S3 is transmitted 
directly to the merchant server system 120. The security server system 130 
encrypts the information S1 and S2 to form encrypted documents E1 and E2 
which are transmitted to the merchant server system 120. The merchant server 
system 120 then transmits the encrypted delivery document E1, which includes 
the buyer's delivery address information, to the delivery server system 160 and 
transmits the encrypted payment document E2, which includes the buyer's 
payment information, to the payment processor server system 140. The 
delivery server system 160 and the payment processor server system 140 then 
decrypt their respective documents and the transaction can then be carried out 
without the merchant ever having possession of the buyer's delivery address 
information or payment information. 

[61] Fig. 3C shows a transaction in which transfer of information between 
the buyer system 110, the security server system 130 and the merchant server 
system 120 is the same as that shown in Fig. 3B. However, in this transaction, 
the encrypted delivery document E1 is transmitted from the merchant server 
system 120 to an intermediate delivery server system 162 which decrypts the 
document E1 and transmits the decrypted information S1 to the delivery server 
system 160. Likewise, the encrypted payment document E2 is transmitted 
from the merchant server system 120 to an intermediate payment server 
system 146 which decrypts the document E2 and transmits the decrypted 
information S2 to the payment processor server system 140. 

[62] Fig. 3D shows a fork-type transaction in which the buyer 110 provides 
its information S to the security server system 130. The security server system 
then separates the information into separate documents and distributes the 
delivery address information S1 to the delivery server system 160, the payment 
information S2 to the payment processor server system and the purchase item 
information S3 to the merchant server system 120. In this transaction, even 
though the buyer's information is not encrypted, the security server system 130 
ensures that each server system receives only the information necessary for it 
to enable the purchase transaction. 

[63] Fig. 3E shows an encryption pipe-type transaction, in which the buyer 
110 provides its information S to the security server system 130. The security 
server system 130 encrypts the information to form an encrypted document E1, 
which includes the buyer's delivery address information and an encrypted 
document E2, which includes the buyer's payment information. The encrypted 
documents E1 and E2 are then transmitted to the merchant server system 120, 
which transmits both encrypted documents to the delivery server system 160, 
which retains the encrypted delivery document E1 and transmits the remaining 
encrypted payment document E2 to the payment processor server system 140. 

[64] Fig. 3F shows an encryption pipe-type transaction, in which the buyer 
110 provides its delivery address information S1 and its payment information 
S2 to the security server system and order information S3, particularly 
information regarding the item being purchased by the buyer, to the merchant 
server system 120. The security server system 130 encrypts the information S1 
and S2 to form an encrypted document E1 and E2, respectively. The encrypted 
documents E1 and E2 are then transmitted to the merchant server system 120, 
which transmits both encrypted documents to the delivery server system 160, 
which retains the encrypted delivery document E1 and transmits the remaining 
encrypted payment document E2 to the payment processor server system 140. 

[65] In a preferred embodiment of the invention, the buyer's private 
information, including delivery address information and payment information, 
is not disclosed to the merchant server system 120. The buyer provides this 
information directly to the security server system 130 which encrypts the 
delivery address information into a delivery document and encrypts the 
payment information into a payment document. These documents are 
encrypted using a key which enables only the delivery server system 160 to 
decrypt the delivery document and which enables only the payment processor 
server system 140 to decrypt the payment document. These documents are 
transmitted by the security server system 130 to the merchant server system 
120, which then transmits the delivery document to the delivery server system 
160 and the payment document to the payment processor server system 140. 
The payment processor server system 140 is able to decrypt the payment 
document to authorize the payment and the delivery server system 160 is able 
to decrypt the delivery document to provide delivery of the purchased item to 
the buyer. In order to enable the delivery server system 160 to deliver the item 
from the merchant, the delivery server system provides the merchant server 
system 120 with an address signature code which preferably is a bar code that 
corresponds to an order number on the merchant server system. The delivery 
address information of the buyer is stored in the delivery server system and is 
"tagged" with the address signature. The merchant server system labels the 
package containing the item with the address signature. When the delivery 
firm associated with the delivery server system 160 picks up the package from 
the merchant, it reads the address signature to determine the address to which 
the package will be delivered. 

[66] Fig. 4 is a schematic diagram which specifically shows this transfer of 
information between the buyer system 110, merchant server system 120, 
security server system 130, merchant acquirer server system 142, bank server 
system 144 and delivery server system 160 in accordance with the present 
invention. In each of Figs. 4-10, a vertical bar in the column below each of 
the systems 110, 120, 130, 142, 144 and 160 indicates an action performed by 
the associated system. Furthermore, tasks shown in a solid line indicate data 
transmitted "in the clear" or unencrypted, tasks shown in dotted dashed lines 
indicate tasks performed by the security server system 130 or tasks performed 
under the direction of security server system 130 and tasks shown in dotted 
lines indicate a transfer of encrypted data. 

[67] In step 202, the buyer system 110 initiates a connection to the 
merchant server system 120 over network 170. The buyer system 110 places 
one or more items in the shopping cart provided by the merchant server 
system 120, step 204, and proceeds to checkout, step 206, thus initiating the 
purchase transaction. Upon checkout, the buyer system 110 is transferred to 
the security server system 130, step 206. In the transfer, the merchant server 
system 120 references an XML document that contains instructions to the 
security server system 130 for what information is needed to be collected from 
the buyer system 110, and for which other server systems the resulting 
documents are to be encrypted. Security server system 130 maintains a 
schema to ensure that the merchant server system 120 cannot direct 
information to be encrypted for inappropriate recipients (such as credit cards 
to a delivery firm). Not all of the collected information needs to be encrypted, 
and some information may be encrypted for more than 1 recipient, and some 
may be both encrypted into documents and sent back "in the clear" or 
unencrypted. Security server system 130 serves forms (either created 
dynamically or drawn from a library of static forms) to the buyer system 110, 
step 208, to collect the sought information that was defined in the XML 
instructions of the merchant server system 120. In steps 210-214, the buyer 
system 110 provides, to the security server system 130, the necessary payment 
information, including credit card number and expiration date, the buyer 
system's email address and the buyer system's delivery address information. 
As the buyer's information is being received, the security server system 130 
creates, in steps 212-218, an encrypted delivery document E1 that includes the 
buyer's delivery address information and an encrypted payment document E2 
that includes the buyer's payment information. Encrypted delivery document 
E1 preferably includes the buyer's name, delivery address, email address and 
the name of the delivery company. This document is encrypted with a key 
such that only the delivery server system is capable of decrypting the 
information contained therein. Encrypted payment document E2 preferably 
includes a merchant identification number (MID), a transaction identification 
number (TID), the credit card type, number, expiration date, the name on the 
credit card, the billing address associated with the credit card digital signature, 
a debit limit, which ensures that the credit card is not charged above the order 
amount and an order expiration date. This document is encrypted with a key 
such that only the payment processor server system is capable of decrypting 
the information contained therein. Security server system 140 also creates an 
alias email address for the buyer. The alias email address is discussed in 
greater detail below with reference to Fig. 7. In step 218, the security server 
system creates a digest array, which includes all of the information collected 
by the security server system 130. This array is used to identify the buyer 
during future transactions, as is described in greater detail below with 
reference to Fig. 11A. In step 220, a package of the encrypted documents is 
assembled and transmitted to the merchant server system 120, step 222. 
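
The schema check that paragraph [67] assigns to the security server system 130 can be pictured as an allow-list applied to the merchant's XML instructions. The following is an added example, not code from the patent: the `<collect>`/`<field>`/`<encrypt-for>` layout, the field names and the recipient role names are all hypothetical, since the specification does not give the instruction format.

```python
"""Security-server check of a merchant's collection instructions.

Constructed illustration: the <collect>/<field>/<encrypt-for> layout, the field
names and the recipient role names are assumptions, not the patent's format.
"""
import xml.etree.ElementTree as ET

# Policy held by the security server, never supplied by the merchant: the
# recipient roles each field may be encrypted for.
ALLOWED_RECIPIENTS = {
    "card_number": {"payment_processor"},
    "card_expiry": {"payment_processor"},
    "billing_address": {"payment_processor"},
    "buyer_name": {"delivery", "payment_processor"},
    "delivery_address": {"delivery"},
    "email": {"delivery"},
    "order_items": set(),
}
# Fields that may also be handed back to the merchant unencrypted.
CLEAR_ALLOWED = {"order_items"}


class PolicyViolation(Exception):
    """Merchant instructions conflict with the security server's schema."""


def plan_documents(instruction_xml):
    """Validate instructions and return {recipient: [fields to encrypt]}.

    Fails closed: one bad field rejects the whole request, so a merchant cannot
    get a partially honoured instruction set.
    """
    # Merchant instructions never need a DTD; refusing one also avoids
    # entity-expansion problems when parsing untrusted XML.
    if "<!doctype" in instruction_xml.lower():
        raise PolicyViolation("DOCTYPE not accepted")
    try:
        root = ET.fromstring(instruction_xml)
    except ET.ParseError as exc:
        raise PolicyViolation(f"malformed instructions: {exc}") from exc
    if root.tag != "collect":
        raise PolicyViolation(f"unexpected root element {root.tag!r}")

    plan = {}
    for field in root.findall("field"):
        name = field.get("name", "")
        if name not in ALLOWED_RECIPIENTS:
            raise PolicyViolation(f"unknown field {name!r}")
        clear = field.get("clear") == "true"
        if clear and name not in CLEAR_ALLOWED:
            raise PolicyViolation(f"{name!r} may not be returned in the clear")
        recipients = [e.get("recipient", "") for e in field.findall("encrypt-for")]
        if not recipients and not clear:
            raise PolicyViolation(f"{name!r} has no recipient")
        for recipient in recipients:
            if recipient not in ALLOWED_RECIPIENTS[name]:
                raise PolicyViolation(
                    f"{name!r} may not be encrypted for {recipient!r}")
            plan.setdefault(recipient, []).append(name)
    return plan


def check(instruction_xml):
    """Return (True, "ok") or (False, reason) without raising."""
    try:
        plan_documents(instruction_xml)
    except PolicyViolation as exc:
        return (False, str(exc))
    return (True, "ok")


# Constructed merchant instructions: one acceptable, one misrouted.
GOOD = """<collect>
  <field name="delivery_address"><encrypt-for recipient="delivery"/></field>
  <field name="buyer_name">
    <encrypt-for recipient="delivery"/>
    <encrypt-for recipient="payment_processor"/>
  </field>
  <field name="card_number"><encrypt-for recipient="payment_processor"/></field>
  <field name="order_items" clear="true"/>
</collect>"""

MISROUTED = """<collect>
  <field name="card_number"><encrypt-for recipient="delivery"/></field>
</collect>"""

if __name__ == "__main__":
    print(plan_documents(GOOD))
    print(check(MISROUTED))
```

The point of keeping the table on the security server is that the merchant can choose among permitted routings but cannot widen them.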

[68] The package of information is transmitted to the merchant server 
system 120 as items in an XML document, including encrypted documents E1 
and E2, and unencrypted documents and one or more digest arrays. The XML 
tags are not encrypted so that the XML document can be parsed by the 
merchant server system 120. The merchant server system 120 receives the 
XML document and parses out the discrete items, step 222. The items are 
stored in the merchant server system's order processing system, step 224. The 
merchant server system 120 sends the encrypted payment document E2 to the 
participating merchant acquirer server system 142, step 226, which decrypts 
the document and transmits it to the bank server system 144, step 228, for 
authorization. In step 230, if the payment information is approved, the bank 
server system 144 transmits a payment authorization response to merchant 
acquirer server system 142, which transmits a payment authorization 
document to merchant server system 120, step 232. 

[69] Once the payment information has been approved and the merchant 
server system has received the payment authorization document, the merchant 
server system 120 transmits the encrypted delivery document E1 and an order 
number to delivery server system 160, step 234. The delivery server system 
160 decrypts the delivery document E1, step 236, assigns an address signature 
to the order and transmits the address signature to the merchant server system 
120, which notifies the buyer system 110 that the order has been successfully 
processed via the merchant server system website, step 236. The address 
signature is similar to a tracking number, but uniquely identifies a shipping 
address as opposed to just a package. In step 240, the merchant server system 
produces a label with the address signature only, since it does not have access 
to the buyer's delivery address information, and transmits a delivery request to 
the delivery server system 160. The delivery server system 160 matches the 
delivery request to the address signature which includes the buyer's delivery 
address information. The delivery server system 160 transmits a request to the 
security server system 130, step 242, for the security server system to notify 
the buyer of the delivery tracking number information via the security server 
system's secure email component 132, Fig. 7. Security server system 130 
transmits the delivery tracking number information to the buyer via its secure 
email component 132, step 244. In step 246, the merchant server system 120 
transmits the encrypted payment document E2, as well as the payment 
authorization document, to the merchant acquirer server system 142, which 
decrypts the payment document E2 and transmits a settlement request to the 
bank server system 144, step 248. Based on the payment authorization 
document, the bank approves the settlement request and transmits payment, in 
the form of a settlement response, to the merchant server system 120, step 250. 
In step 252, the delivery firm associated with the delivery server system 160 
picks up the package from the merchant firm associated with the merchant 
server system 120, matches the address signature on the label provided by the 
merchant server system 120 to the delivery address information contained in 
the delivery document E1 and delivers the package to the buyer. 

WO 01/75744    PCT/US01/10760 

[70] Accordingly, the invention enables a purchase transaction to be 
completed without disclosing any of the buyer's private information to the 
merchant server system 120. By encrypting the buyer's delivery address 
information into a discrete delivery document that includes only the buyer's 
delivery address information in a form which only the delivery server system 
160 can decrypt, the security server system 120 ensures that only the delivery 
server system obtains information pertaining to the delivery of the purchased 
item. Furthermore, by encrypting the buyer's payment information into a 
discrete document that includes only the buyer's payment information in a 
form which only the payment processor server system 140 can decrypt, the 
security server system 120 ensures that only the payment processor server 
system 140 obtains information pertaining to the payment of the purchased 
item. Since these discrete documents are encrypted before they are 
transmitted to the merchant server system 120, the merchant server system 
cannot access the buyer's information. This example transfers the pertinent 
information similar to the transaction shown in Fig. 3A. 

[71] Fig. 5 is a schematic diagram which shows a transfer of information 
between the buyer system 110, merchant server system 120, security server 
system 130, merchant acquirer server system 142, bank server system 144 and 
delivery server system 160 in a situation where the buyer returns a purchased 
product to the merchant for a refund. In step 300, the buyer system 110 
informs the merchant server system 120, either by telephone or email, that the 
buyer would like to return a product. The merchant server system 120 
validates the request, step 302, and initiates a digest request, step 304, in 
which the customer provides information about the order, step 306, so that the 
merchant can identify the order, step 308. The use of the digest array to 
identify a buyer is discussed in greater detail below with reference to Fig. 11B. 
Alternatively, order receipts and other proofs of purchase can be used to 
authenticate the buyer system 110 without drawing on a digest array created 
during the initial order. If the buyer is successfully authenticated, the 
merchant server system 120 approves the return, step 310 and transmits the 
encrypted payment document from the initial transaction to the merchant 
acquirer server system 142 for a credit authorization, step 312. The merchant 
acquirer server system 142 authorizes the credit and transmits a credit 
authorization to the merchant server system 120, step 314. The merchant 
server system 120 then transmits a return material authorization (RMA) 
number in an email to the buyer system 110 through the secure email 
component 132 of the security server system 130, steps 316, 318. The buyer 
sends the item back to the merchant through the delivery firm using the RMA, 
steps 320, 322. The merchant server system requests a credit settlement from 
the bank server system 144, step 324. The bank server system transmits the 
credit settlement to the merchant server system 120, step 326 and the bank 
server system 144 provides the appropriate credit to the buyer's credit card, 
step 328. 

[72] Figs. 6A, 6B and 6C are schematic diagrams which show a transfer of 
information between the buyer system 110, merchant server system 120, 
security server system 130, merchant acquirer server system 142 and bank 
server system 144 in the case of a buyer-initiated chargeback. A chargeback 
occurs when the buyer informs the bank that it will not pay for a charge 
resulting from a transaction. In step 350, Fig. 6A, the buyer system 110 
initiates the chargeback by informing the bank server system 144 that the 
charge will not be honored. The bank server system 144 reviews the request, 
step 352 and instructs the merchant acquirer server system 142 to search for 
the payment document associated with the request, step 354. The merchant 
acquirer server system 142 transmits a report to the merchant server system 
including the nature of the complaint, step 356. The report only identifies the 
specific transaction to the merchant server system 120. At this point, the 
merchant server system only possesses information about the specific 
transaction and does not possess any of the buyer's personal information. The 
merchant server system 120 and the buyer system 110 communicate with each 
other anonymously through the secure email component of the security server 
system 130, steps 358-364. The merchant server system then transmits a 
chargeback response to the merchant acquirer server system 142, step 366. 
The merchant acquirer server system 142 transmits the request to the bank 
server system 144, step 368, and the bank server system issues a chargeback 
credit to the buyer's credit card, step 370. 

[73] The process shown in Fig. 6B is similar to the process shown in Fig. 
6A, with the difference being that the security server system 130 creates the 
report to the merchant server system 120 rather than the merchant acquirer 
server system 142. This enables the security server system 130 to either 
encrypt or withhold private information of the buyer from the merchant server 
system. The process shown in Fig. 6C is also similar to the process shown in 
Fig. 6A, with the difference being that the merchant server system 120 
receives the chargeback request directly from the bank server system 144 
without any intervention from the merchant acquirer server system 144 or the 
security server system 130. 

[74] The security server system 130 is also capable of enabling private 
email communications between parties, in particular between the buyer system 
110 and the merchant server system 120. Security server system 130 includes 
a secure email component 132, Fig. 7, with which both the buyer system 110 
and the merchant server system register. The secure email component 132 
receives the buyer system's true email address and assigns a buyer alias email 
address to the buyer's true address. Likewise, the secure email component 132 
receives the merchant server system's true email address and assigns a 
merchant alias address to the merchant's true address. All email transactions 
between the buyer system 110 and the merchant server system 120 pass 
through the secure email component 132. In this way, neither party 
possesses the other party's true email address and all communication takes 
place through the secure email component with the alias email addresses. 

[75] Fig. 7 is a schematic diagram which shows this process. In step 402, 
the merchant server system identifies a buyer to which it will send an email 
message. The message is created, step 404, and sent to the buyer's alias email 
address via the merchant's SMTP server. The email is directed to the secure 
email component 132 by the buyer's alias address, step 406, where it is 
validated by the secure email component 132. Validation involves ensuring 
that a particular merchant is authorized to send email to a particular buyer with 
the buyer's alias email address. If the validation is rejected, the message is 
returned to the merchant's true email address, step 408. If the validation is 
approved, the secure email component 132 rewrites the SMTP header on the 
email message, changing the buyer's alias email address to the buyer's true 
email address, and the merchant's true email address to the merchant's alias 
email address. The message is then sent to the buyer system 110 via the 
secure email component's SMTP server, step 410. If the buyer system 110 
replies to the merchant's email message, the reply is sent via the buyer's 
SMTP server to the merchant's alias email address, step 412. The message is 
then validated in the same manner as the original email message from the 
merchant server system 120. If validation fails, the message is returned to the 
buyer's true e-mail address without having been delivered to the merchant 
server system 120, step 414. If validation does not fail, the secure email 
component 132 rewrites the SMTP header on the mail message, changing the 
merchant's alias to the merchant's true e-mail address, and the buyer's true 
e-mail address to the buyer's alias email address. The message is then sent via 
the secure email component's SMTP server to the merchant's true e-mail 
address (MTMA). 
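
The validate-then-rewrite behaviour of the secure email component 132 in paragraphs [74] and [75], as an added example that is not part of the patent: the addresses, the relay domain and both lookup tables are constructed, and removing `Reply-To`, `Received` and similar headers goes beyond the From/To rewrite the text describes, because those headers can also carry the sender's true address.

```python
"""Alias relay modelled on the secure email component 132 (constructed example).

Addresses, the relay domain and both tables are made up. Removing extra
headers goes beyond the From/To rewrite the text describes.
"""
from email import message_from_string
from email.utils import parseaddr

# alias -> true address, filled in when each party registers.
ALIAS_TO_TRUE = {
    "buyer-7f3a@relay.example": "alice@home.example",
    "merchant-19c2@relay.example": "orders@shop.example",
    "merchant-aa01@relay.example": "promo@other.example",
}
TRUE_TO_ALIAS = {true: alias for alias, true in ALIAS_TO_TRUE.items()}

# Pairs of true addresses that share a transaction and may correspond.
AUTHORIZED_PAIRS = {frozenset(("orders@shop.example", "alice@home.example"))}

# Headers that can carry the sender's true address or mail path.
LEAKY_HEADERS = ("Reply-To", "Return-Path", "Sender", "Received", "Cc", "Bcc")


def set_only(msg, name, value):
    """Remove every occurrence of a header, then set a single value."""
    del msg[name]  # deletes all copies; no error if the header is absent
    msg[name] = value


def relay(raw_message, envelope_sender):
    """Validate one message sent to an alias and rewrite its headers.

    Returns ("deliver", true_recipient, rewritten_text) on success, otherwise
    ("return", envelope_sender, reason) so the caller can send it back.
    """
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    alias_rcpt = parseaddr(msg.get("To", ""))[1].lower()
    envelope_sender = envelope_sender.lower()

    # Minimal consistency check for the example; a deployed relay would
    # authenticate the sending server as well.
    if sender != envelope_sender:
        return ("return", envelope_sender, "From does not match envelope sender")
    if sender not in TRUE_TO_ALIAS:
        return ("return", envelope_sender, "sender is not registered")
    true_rcpt = ALIAS_TO_TRUE.get(alias_rcpt)
    if true_rcpt is None:
        return ("return", envelope_sender, "unknown alias")
    if frozenset((sender, true_rcpt)) not in AUTHORIZED_PAIRS:
        return ("return", envelope_sender, "sender not authorized for this alias")

    for header in LEAKY_HEADERS:
        del msg[header]
    set_only(msg, "From", TRUE_TO_ALIAS[sender])  # true sender -> sender's alias
    set_only(msg, "To", true_rcpt)                # recipient alias -> true address
    return ("deliver", true_rcpt, msg.as_string())


# Constructed sample messages.
MERCHANT_MAIL = (
    "From: Shop Orders <orders@shop.example>\n"
    "To: buyer-7f3a@relay.example\n"
    "Reply-To: orders@shop.example\n"
    "Subject: Your RMA number\n"
    "\n"
    "RMA number follows (constructed sample).\n"
)
BUYER_REPLY = (
    "From: alice@home.example\n"
    "To: merchant-19c2@relay.example\n"
    "Subject: Re: Your RMA number\n"
    "\n"
    "Thanks.\n"
)
UNPAIRED_MAIL = (
    "From: promo@other.example\n"
    "To: buyer-7f3a@relay.example\n"
    "Subject: Offer\n"
    "\n"
    "Hello.\n"
)

if __name__ == "__main__":
    print(relay(MERCHANT_MAIL, "orders@shop.example")[2])
    print(relay(UNPAIRED_MAIL, "promo@other.example"))
```

A message body or signature block can still contain a true address; header rewriting alone does not cover that.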

[76] In order to simplify the transaction consummation process, the system 
of the present invention enables the buyer system 110 to create an electronic 
"wallet" which includes all of the buyer's information such as delivery address 
information and payment information. The security server system creates the 
wallet by encrypting the delivery address information into a delivery 
document E1 and encrypting the payment information into a payment 
document E2 as described above. Once the wallet is created, it is stored in a 
database on the merchant server system 120 for future purchase transactions. 
Fig. 8 is a schematic diagram of the process involved in the creation of the 
electronic wallet. In step 420, the buyer system 110, from the merchant server 
system website, requests that a wallet be created. The merchant server system 
prompts the buyer system 110 to create a user name and password, step 422. 
The merchant server system then directs the buyer system 110 to the security 
server system 130, step 424, where the wallet creation takes place. The 
security server system 130 sends a personal information request form to the 
buyer system 110, step 426. In response, the buyer system 110 provides the 
required information to the security server system 130, including the buyer's 
payment information, step 428, true email address, step 430 and delivery 
address information, step 432. The security server system 130 receives the 
information and encrypts the delivery address information into the delivery 
document E1, encrypts the payment information into the payment document E2 
and creates an alias email address for the buyer system, steps 430-434. A 
digest array is created from the received information, step 436, and a protected 
information package is assembled, step 438, which includes all of the buyer's 
information in a form which is not decryptable by the merchant server system 
120. The package is transmitted to the merchant server system 120, which 
notifies the buyer system 110 via its website that the wallet has been 
successfully created, step 440. The merchant server system then parses the 
package into its separate documents, step 442, and stores the documents in a 
"wallet" associated with the particular buyer in a database of the merchant 
server system 120. The merchant server system 120 may request other 
information from the buyer, such as buyer preferences and behavior profiles, 
which information is stored in the wallet with the buyer's encrypted 
information, steps 444-448. 

[77] Fig. 9 is a schematic diagram of a transaction according to the present 
invention which includes the use of the electronic wallet described above. In 
step 502, the buyer system 110 establishes a connection with the merchant 
server system 120 over the network 170. The buyer system 110 places items 
in its shopping cart, step 504 and, when ready to checkout, logs into its wallet 
which is stored on the merchant server system 120 using its user name and 
password, step 506. The merchant server system 120 then asks if the buyer 
would like to follow an automatic checkout procedure, step 508. If no 
changes are to be made to the buyer system's information, the buyer system 
will choose this procedure. The process then proceeds to step 528, to continue 
the transaction, wherein steps 528-552 are identical to steps 228-252 of Fig. 4. 

[78] If the buyer system 110 does not select the automatic checkout, the 
merchant server system 120 transmits the wallet information to the security 
server system 130, step 510. The security server system decrypts the wallet 
information, step 512, and transmits a form to the buyer system 110 with a 
prompt to make any necessary changes to the information, steps 514, 516. 
The security server system 130 encrypts the updated information into the 
delivery document E1 and payment document E2, step 518. The new protected 
information package is assembled, step 520, and transmitted to the merchant 
server system 120 to update the buyer's wallet information. The transaction 
then proceeds with steps 522-552, which are identical to steps 222-252 of Fig. 
4. 

[79] The security server system 130 of the present invention is also capable 
of enabling the merchant server system 120 to conduct a direct marketing 
fulfillment process while keeping the buyer system's information private. Fig. 
10 is a schematic diagram showing the steps involved in this process. In step 
600, the merchant server system 120 develops a target list of buyers to which 
it will send direct marketing material. Since all of the buyer information in the 
possession of the merchant server system is encrypted, this target list is also 
encrypted. However, since the different encrypted documents associated with 
each buyer system are parsable by the merchant server system 120, it is able to 
provide a list to the security server system 130 which includes the encrypted 
delivery address information of its buyers to the security server system 130, 
step 602. The security server system 130 decrypts the buyer list, step 604, and 
transmits the buyer list to a fulfillment server system 172, step 606. The 
fulfillment server system 172 receives the direct marketing pieces from the 
merchant server system, step 608, labels them with the delivery address 
information received from the security server system 130, step 610, and sends 
the labeled pieces to the delivery firm associated with the delivery server 
system 160, step 612. The delivery firm then delivers the direct marketing 
pieces to the buyers. This process enables the merchant server system to cause 
direct marketing pieces to be delivered to buyers without the need for the 
merchant server system 120 to possess the actual delivery address information 
of the buyers. 

[80] Fig. 11A is a schematic diagram showing the process involved in the 
creation of a digest array, which occurs when the buyer system's information 
is first input to the security server system 130. When the security server 
system receives the buyer's information, such as in steps 210-214 of Fig. 4, the 
information S1-Sn, in addition to being encrypted into documents that can only 
be decrypted by a predetermined intended party, is passed through a hashing 
function 174 such as the Secure Hash Algorithm (SHA), which creates a hash 
output D1-Dn, corresponding to the information S1-Sn. The digest array is 
stored on the merchant server system 120 for future reference. 

[81] If the buyer system 110 needs to contact the merchant server system 
regarding a particular order, the merchant server system can match the buyer 
with the particular order by using the digest array. For example, in the return 
process shown in Fig. 5, the buyer provides information to the merchant server 
system 120 and the merchant server system searches its digest array to match 
the buyer with the particular order. As shown in Fig. 11B, the buyer system 
discloses certain portions of information, such as its name 180, the last 4 digits 
of its credit card 182 and its zip code 184. This information is passed through 
hashing function 174 to form hash outputs 186 corresponding to the 
information 180, 182 and 184. The merchant server system 120 searches the 
digest array 188 until the information provided by the buyer enables a match 
in the digest array 188 that enables the merchant server system to identify the 
particular order. 
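
The digest array of paragraphs [80] and [81], as an added example rather than code from the patent: SHA-256, the field names, the "field:value" encoding, the normalisation and the sample orders are assumptions. The example also goes beyond the text by auditing how well an unkeyed digest hides a small-valued field from whoever stores the array, and by showing a keyed (HMAC) variant that the specification does not describe.

```python
"""Digest array creation and lookup in the manner of Figs. 11A and 11B.

Constructed example: SHA-256, the field names, the "field:value" encoding,
the normalisation and the sample orders are assumptions. The keyed (HMAC)
variant is an addition that the text does not describe.
"""
import hashlib
import hmac


def normalise(value):
    """Case-fold and collapse whitespace so re-typed values still match."""
    return " ".join(value.lower().split())


def digest(field, value, key=None):
    """Unkeyed SHA-256 digest of one field, or HMAC-SHA-256 when key is given."""
    data = f"{field}:{normalise(value)}".encode("utf-8")
    if key is None:
        return hashlib.sha256(data).hexdigest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_digest_array(info, key=None):
    """Map each collected field S1..Sn to its digest D1..Dn."""
    return {field: digest(field, value, key) for field, value in info.items()}


def find_orders(store, disclosed, key=None):
    """Return ids of stored orders whose digests match every disclosed field."""
    probe = make_digest_array(disclosed, key)
    return [
        order_id
        for order_id, array in store.items()
        if all(hmac.compare_digest(array.get(f, ""), d) for f, d in probe.items())
    ]


def guess_from_digest(target, field, candidates):
    """Privacy audit: can a small value space be matched against a digest?

    Returns the candidate whose unkeyed digest equals target, else None.
    """
    for candidate in candidates:
        if hmac.compare_digest(digest(field, candidate), target):
            return candidate
    return None


# Constructed sample data.
ORDER_INFO = {
    "ORD-1001": {"name": "Alice Smith", "card_last4": "4242", "zip": "02139"},
    "ORD-1002": {"name": "Bob Jones", "card_last4": "4242", "zip": "94105"},
}
STORE = {oid: make_digest_array(info) for oid, info in ORDER_INFO.items()}
LAST4_SPACE = [f"{n:04d}" for n in range(10_000)]
DEMO_KEY = b"constructed-demo-key"  # would be held by the security server only

if __name__ == "__main__":
    claim = {"name": "alice  SMITH", "card_last4": "4242", "zip": "02139"}
    print(find_orders(STORE, claim))
    print(guess_from_digest(STORE["ORD-1001"]["card_last4"], "card_last4", LAST4_SPACE))
    keyed = make_digest_array(ORDER_INFO["ORD-1001"], DEMO_KEY)
    print(guess_from_digest(keyed["card_last4"], "card_last4", LAST4_SPACE))
```

With unkeyed digests the four-digit field is matched by trying its 10,000 possible values, so the stored array should be treated as sensitive data in its own right. Under the keyed variant the same search finds nothing, at the cost that every lookup needs the key holder.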

[82] Accordingly, the present invention provides a method of and system 
for enabling online transactions in which the merchant does not have access to 
the buyer's private delivery address information and payment information. 
The security server system encrypts the delivery address information to form a 
delivery document which can be decrypted only by the delivery server system. 
The security server system also encrypts the payment address information to 
form a payment document which can be decrypted only by the payment 
processor server system. The delivery document and the payment document 
are provided by the security server system to the merchant server system, 
which, in turn, distributes the documents to the respective server systems for 
processing during the course of an online transaction. While, in the example 
of Fig. 4, the transaction carried out is in the form of the combination 
encryption pipe/fork transaction shown in Fig. 3A, it will be understood that 
the system can be utilized to carry out any or all of the transaction types 
shown in Figs. 3A-3E. Furthermore, the system and method of the present 
invention can be utilized to carry out transactions which take the form of a 
token passing ring, such as is shown in Fig. 12A, wherein encrypted 
documents may be passed among all of the parties in the ring 190 and a 
distributive ring, such as is shown in Fig. 12B, wherein a head party 
introduces encrypted documents into the ring 194, which documents are then 
passed among the other parties of the ring 194. 

[83] The invention may be embodied in other specific forms without 
departing from the spirit or essential characteristics thereof. The present 
embodiments are therefore to be considered in all respects as illustrative and not 
restrictive, the scope of the invention being indicated by the appended claims 
rather than by the foregoing description, and all changes which come within 
the meaning and range of the equivalency of the claims are therefore intended 
to be embraced therein. 

CLAIMS 

1. A transaction system for performing secure transactions over a 
communication network comprising: 

a merchant server system including a computer processor and 
associated memory, said merchant server system offering items for sale; 

a buyer system including a computer processor and associated 
memory, said buyer system being selectively couplable to said merchant 
server system over said communication network to initiate a transaction, 
wherein, during said transaction, said buyer system selects one or more of said 
items for purchase; 

a security server system including a computer processor and associated 
memory and an encryption device, said security server system receiving buyer 
information from said buyer system, encrypting said buyer information in an 
encryption key that prevents said merchant server system from decrypting said 
buyer information, and transferring said encrypted buyer information to said 
merchant server system; and 

a third server system including a computer processor and associated 
memory, said third server system being selectively couplable to said merchant 
server system, wherein said merchant server system transmits at least a portion 
of said encrypted buyer information to said third server system for processing 
during said transaction. 

2. The transaction system of claim 1 wherein said third server 
system is one of a delivery server system and a payment processor server 
system. 

3. The transaction system of claim 2 wherein said encrypted buyer 
information received by said delivery server system is delivery address 
information of said buyer. 

4. The transaction system of claim 2 wherein said encrypted buyer 
information received by said payment processor server system is payment 
information of said buyer. 



5. The transaction system of claim 1 further comprising a fourth 
server system including a computer processor and associated memory, said 
fourth server system being selectively coi^lable to one of said merchant 
server system and said third server system, wherein said one of said merchant 
server system and said third server system trananits at least a portion of said 
encrypted buyer information to said fourth server system for processing during 
said transaction. 

6. The transaction system of claim 5 wherein said security server 
system encrypts said buyer information into a first document and a second- 
document, wherein said first document- is transmitted to said third server 
system by said merchaiit server system and said second document is 
transmitted to said fourth server system by said merchant server system. 

7. The transaction server system of claim 5 wherein said security 
server system encrypts said buyer information into a first document and a 
second document, wherein said first and second documents are transmitted to 
said third server system by said merchant server system and said second 
document is transmitted to said fourth server system by said third server 
system. 

8. The transaction system of claim 6 wherein said third server 
system is one of a delivery server system and a payment processor server 
system and wherein said fourth server system is the other of said delivery 
server system and said payment processor server system, and wherein said 
first document contains one of the buyer system's delivery address information 
and the buyer system's payment information and the second document 
contains the other of said buyer system's delivery address information and 
said buyer system's payment information. 

9. The transaction system of claim 8 wherein said security server 
system encrypts said first document using a first encryption key and said 
second document using a second encryption key, wherein said one of said 
third server system and said fourth server system that receives said first 
document can decrypt said first document but not said second document and 
wherein said other one of said third server system and said fourth server 
system that receives said second document can decrypt said second document 
but not said first document. 

10. The transaction system of claim 7 wherein said third server 
system is one of a delivery server system and a payment processor server 
system and wherein said fourth server system is the other of said delivery 
server system and said payment processor server system, and wherein said 
first document contains one of the buyer system's delivery address information 
and the buyer system's payment information and the second document 
contains the other of said buyer system's delivery address information and 
said buyer system's payment information. 

11. The transaction system of claim 10 wherein said security server 
system encrypts said first document using a first encryption key and said 
second document using a second encryption key, wherein said one of said 
third server system and said fourth server system that receives said first 
document and second documents from said merchant server system can 
decrypt said first document but not said second document and wherein said 
other one of said third server system and said fourth server system that 
receives said second document can decrypt said second document but not said 
first document. 

12. A system for performing secure transactions over a 
communication network comprising: 

a merchant server system including a computer processor and 
associated memory, said merchant server system offering items for sale; 

a buyer system including a computer processor and associated 
memory, said buyer system being selectively couplable to said merchant 
server system over said communication network to initiate a transaction, 
wherein, during said transaction, said buyer system selects one or more of said 
items for purchase; 

a security server system including a computer processor and associated 
memory, said security server system being selectively couplable to said buyer 
system to receive buyer information from said buyer system in the course of 
said transaction, said buyer information including delivery address 
information and payment information; 

a delivery server system including a computer processor and associated 
memory; and 

a payment processor server system including a computer processor and 
associated memory; 

wherein said security server transmits said delivery address 
information to said delivery server system and said payment information to 
said payment processor server system. 

13. The transaction system of claim 12 wherein said security server 
system encrypts said delivery address information into a first document and 
encrypts said payment information into a second document. 

14. The transaction system of claim 13 wherein said security server 
system transmits said first and second documents to said merchant server 
system, which transmits said first document to said delivery server system and 
said second document to said payment processor server system; and 

wherein said merchant server system is incapable of decrypting said 
first and second documents. 

15. A transaction system for performing secure transactions over a 
communication network comprising: 

a merchant server system including a computer processor and 
associated memory, said merchant server system offering items for sale; 

a buyer system including a computer processor and associated 
memory, said buyer system being selectively couplable to said merchant 
server system over said communication network to initiate a transaction, 
wherein, during said transaction, said buyer system selects one or more of said 
items for purchase and transmits information regarding said one or more items 
to said merchant server system; 

a security server system including a computer processor and associated 
memory and an encryption device, said security server system receiving buyer 
information from said buyer system, encrypting said buyer information in an 
encryption key that prevents said merchant server system from decrypting said 
buyer information, and transferring said encrypted buyer information to said 
merchant server system; and 

a third server system including a computer processor and associated 
memory, said third server system being selectively couplable to said merchant 
server system, wherein said merchant server system transmits at least a portion 
of said encrypted buyer information to said third server system for processing 
during transaction. 

16. The transaction system of claim 15 wherein said third server 
system is one of a delivery server system and a payment processor server 
system. 

17. The transaction system of claim 16 wherein said encrypted 
buyer information received by said delivery server system is delivery address 
information of said buyer. 

18. The transaction system of claim 16 wherein said encrypted 
buyer information received by said payment processor server system is 
payment information of said buyer. 

19. The transaction system of claim 15 further comprising a fourth 
server system including a computer processor and associated memory, said 
fourth server system being selectively couplable to one of said merchant 
server system and said third server system, wherein said one of said merchant 
server system and said third server system transmits at least a portion of said 
encrypted buyer information to said fourth server system for processing during 
said transaction. 

20. The transaction system of claim 19 wherein said security server 
system encrypts said buyer information into a first document and a second 
document, wherein said first document is transmitted to said third server 
system by said merchant server system and said second document is 
transmitted to said fourth server system by said merchant server system. 

21. The transaction server system of claim 19 wherein said security 
server system encrypts said buyer information into a first document and a 
second document, wherein said first and second documents are transmitted to 
said third server system by said merchant server system and said second 
document is transmitted to said fourth server system by said third server 
system. 

22. The transaction system of claim 20 wherein said third server 
system is one of a delivery server system and a payment processor server 
system and wherein said fourth server system is the other of said delivery 
server system and said payment processor server system, and wherein said 
first document contains one of the buyer system's delivery address information 
and the buyer system's payment information and the second document 
contains the other of said buyer system's delivery address information and 
said buyer system's payment information. 

23. The transaction system of claim 22 wherein said security server 
system encrypts said first document using a first encryption key and said 
second document using a second encryption key, wherein said one of said 
third server system and said fourth server system that receives said first 
document can decrypt said first document but not said second document and 
wherein said other one of said third server system and said fourth server 
system that receives said second document can decrypt said second document 
but not said first document. 

24. The transaction system of claim 21 wherein said third server 
system is one of a delivery server system and a payment processor server 
system and wherein said fourth server system is the other of said delivery 
server system and said payment processor server system, and wherein said 
first document contains one of the buyer system's delivery address information 
and the buyer system's payment information and the second document 
contains the other of said buyer system's delivery address information and 
said buyer system's payment information. 

25. The transaction system of claim 24 wherein said security server 
system encrypts said first document using a first encryption key and said 
second document using a second encryption key, wherein said one of said 
third server system and said fourth server system that receives said first 
document and second documents from said merchant server system can 
decrypt said first document but not said second document and wherein said 
other one of said third server system and said fourth server system that 
receives said second document can decrypt said second document but not said 
first document. 

26. A system for performing secure transactions over a 
communication network comprising: 

a merchant server system including a computer processor and 
associated memory, said merchant server system offering items for sale; 

a buyer system including a computer processor and associated 
memory, said buyer system being selectively couplable to said merchant 
server system over said communication network to initiate a transaction, 
wherein, during said transaction, said buyer system selects one or more of said 
items for purchase; 

a security server system including a computer processor and associated 
memory and an encryption device, said security server system receiving buyer 
information from said buyer system and forming a merchant document 
including information regarding the item being purchased, encrypting said 
buyer information into a payment document including the buyer's payment 
information and encrypting said buyer information into an address document 
including the buyer's shipping address; 

said security server system transferring said buyer information to a first 
one of said merchant server system, a payment server system and a delivery 
server system, wherein said first system removes the document associated 
with the first system and transmits the remaining documents to a second one 
of said merchant server system, said payment server system and said delivery 
server system, wherein said second system removes the document associated 
with the second system and transmits the remaining document to a third one of 
said merchant server system, said payment server system and said delivery 
server system; 

wherein said security server system encrypts said buyer information 
using an encryption key in which only said payment server system is capable 
of decrypting said payment document and only said delivery server system is 
capable of decrypting said address document. 

27. A method for performing secure transactions over a 
communication network comprising: 

A. establishing a connection between a buyer system and a merchant 
server system over said communications network to initiate a purchase 
transaction; 

B. said buyer system selecting an item offered for sale by said 
merchant server system; 

C. said buyer system transmitting buyer information to a security 
server system; 

D. said security server system encrypting said buyer information using 
an encryption key that prevents said merchant server system from decrypting 
said encrypted buyer information; 

E. said security server system transmitting said encrypted buyer 
information to said merchant server system; 

F. said merchant server system transmitting at least a portion of said 
encrypted buyer information to a third server system for processing during 
said purchase transaction; and 

G. said third server system decrypting said at least a portion of said 
encrypted buyer information before processing said information. 

28. A method for identifying a party comprising: 

A. obtaining a plurality of identifying indicia from each of a plurality 
of parties; 

B. performing a one-way hash function on each of said plurality of 
identifying indicia to form a plurality of hashed identifiers, wherein a 
particular output of said one-way hash function is unique to a particular input 
of said hash function; 

C. forming an array of hashed identifiers for each of said plurality of 
parties, wherein each array includes a number of hashed identifiers that are 
unique to each party; 

D. receiving an identifying indicium from a party; 

E. performing said hash function on said indicium to form a hashed 
indicium; 

F. parsing each of said arrays to determine if said hashed indicium 
coincides with a hashed identifier therein; 

G. determining which, if any, of said arrays contains a coincidence 
between said hashed indicium and a hashed identifier; 

wherein, if only one coincidence occurs, the method comprises: 

H. identifying a unique party from said plurality of parties based said 
coincidence between said hashed indicium and said hashed identifier; and 

wherein, if more than one coincidence occurs, the method comprises: 

I. repeating steps D-G until one of said arrays contains a set of 
coincidences that none of the other arrays contain; and 

J. identifying a unique party from said plurality of parties based on said 
set of coincidences. 

29. A method for identifying a party comprising: 

in a security server system including a computer processor and 
associated memory, said security server system being selectively couplable to 
a second server system, including a computer processor and associated 
memory, over a communications network, performing the steps of: 

A. obtaining a plurality of identifying indicia from each of a plurality 
of parties; 

B. performing a one-way hash function on each of said plurality of 
identifying indicia to form a plurality of hashed identifiers, wherein a 
particular output of said one-way hash function is unique to a particular input 
of said hash function; 

C. forming an array of hashed identifiers for each of said plurality of 
parties, wherein each array includes a number of hashed identifiers that are 
unique to each party; and 

in said second server system, performing the steps of: 

D. receiving an identifying indicium from a party; 

E. performing said hash function on said indicium to form a hashed 
indicium; 

F. parsing each of said arrays to determine if said hashed indicium 
coincides with a hashed identifier therein; 

G. determining which, if any, of said arrays contains a coincidence 
between said hashed indicium and a hashed identifier; 

wherein, if only one coincidence occurs, the method comprises: 

H. identifying a unique party from said plurality of parties based said 
coincidence between said hashed indicium and said hashed identifier; and 

wherein, if more than one coincidence occurs, the method comprises: 

I. repeating steps D-G until one of said arrays contains a set of 
coincidences that none of the other arrays contain; and 

J. identifying a unique party from said plurality of parties based on said 
set of coincidences. 
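
The matching procedure of claims 28 and 29 (steps A-J), as an added Python example that is not part of the patent text. It assumes HMAC-SHA-256 under a server-held key as the one-way hash (the claims name no algorithm), sets as the per-party arrays, and constructed party records; all function and variable names are hypothetical.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA-256 under a server-held key stands in for the claims'
# "one-way hash function". An unkeyed hash of a phone number or ZIP code can
# be reversed by enumeration. The key is a constructed sample value.
SERVER_KEY = b"constructed-demo-key"

# Constructed sample records: party id -> identifying indicia (step A).
PARTIES = {
    "party-1": ["Alex Doe", "10 Main St", "02139", "555-0100"],
    "party-2": ["Alex Doe", "22 Oak Ave", "02139", "555-0101"],
    "party-3": ["Sam Roe", "10 Main St", "94105", "555-0102"],
}


def hash_indicium(value):
    """Steps B and E: canonicalise an indicium, then hash it."""
    canonical = " ".join(value.lower().split())
    return hmac.new(SERVER_KEY, canonical.encode(), hashlib.sha256).hexdigest()


def build_arrays(parties):
    """Step C: one array (a set here) of hashed identifiers per party."""
    return {pid: {hash_indicium(v) for v in vals} for pid, vals in parties.items()}


def identify(arrays, presented):
    """Steps D-J. Returns (party_id, indicia_used); party_id is None when the
    presented indicia match nobody or stay ambiguous."""
    candidates = set(arrays)
    for used, indicium in enumerate(presented, start=1):      # step D
        digest = hash_indicium(indicium)                      # step E
        # Steps F-G: keep only arrays holding every coincidence so far.
        candidates = {p for p in candidates if digest in arrays[p]}
        if len(candidates) == 1:                              # steps H / J
            return candidates.pop(), used
        if not candidates:
            return None, used          # fail closed on an inconsistent value
    return None, len(presented)        # step I: still ambiguous, ask for more


ARRAYS = build_arrays(PARTIES)

if __name__ == "__main__":
    print(identify(ARRAYS, ["555-0101"]))
    print(identify(ARRAYS, ["Alex Doe", "02139", "10 Main St"]))
    print(identify(ARRAYS, ["alex  DOE", "94105"]))
```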